Bump spring-security-config from 4.2.20.RELEASE to 5.7.3

[dependabot]

Bumps spring-security-config from 4.2.20.RELEASE to 5.7.3.

Release notes

Sourced from spring-security-config's releases.

5.7.3

⭐ New Features

• Add Kotlin example showing integration with WebTestClient #9998
• Set permissions for GitHub actions #11642
• Update javadoc of EnableWebSecurity to reflect deprecation of WebSecurityConfigurerAdapter #11650

🪲 Bug Fixes

• Add Deprecated annotation to WebSecurity#securityInterceptor #11637
• Check saganCreateRelease saganDeleteRelease Required Permissions #11425
• org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" #11605
• RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext #11606
• RequestRejectedHandler does not reliable prevent Internal Server Error #11672
• Sources and javadocs missing in latest snapshots #11628
• Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok #11484
• Update javadoc of HttpSecurity, WebSecurityConfiguration and WebSecurity to reflect deprecation of WebSecurityConfigurerAdapter #11651

🔨 Dependency Upgrades

• Update hibernate-entitymanager to 5.6.10.Final #11694
• Update io.projectreactor to 2020.0.22 #11691
• Update jsonassert to 1.5.1 #11696
• Update mockk to 1.12.5 #11690
• Update org.eclipse.jetty to 9.4.48.v20220622 #11693
• Update org.jetbrains.kotlinx to 1.6.4 #11695
• Update org.springframework to 5.3.22 #11697
• Update org.springframework.data to 2021.2.2 #11698

5.7.2

⭐ New Features

• Consider updating testing examples to use JUnit Jupiter #11293

🪲 Bug Fixes

• Some Security Expressions cause NPE when used within @Query #11289
• CsrfWebFilter null save content-type check #11341
• Docs example uses access(String) with authorizeHttpRequests() #11296
• Fix typo in BasicLookupStrategy Javadoc #11339
• KeyInfo missing in AuthnRequest when using OpenSaml4AuthenticationRequestResolver #11358
• OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #11384
• SAML request encoding: on redirect binding, base64 encoded message contains CRLF #11284
• SecurityContextRepository.loadContext(HttpServletRequest) cache result #11390
• Should SAML metadata EntityDescriptor tag have the md: prefix? #11311
• Update opaque-token.adoc #11303

🔨 Dependency Upgrades

• Update aspectj-plugin to 6.4.3.1 #11402

... (truncated)

Changelog

Sourced from spring-security-config's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits

• 173d74d Release 5.7.3
• 66cb3e0 Update org.springframework.data to 2021.2.2
• 74675ef Update org.springframework to 5.3.22
• a92ac82 Update jsonassert to 1.5.1
• db638c2 Update org.jetbrains.kotlinx to 1.6.4
• f884527 Update hibernate-entitymanager to 5.6.10.Final
• dbd1744 Update org.eclipse.jetty to 9.4.48.v20220622
• 2eeee99 Update io.projectreactor to 2020.0.22
• e8c5642 Update mockk to 1.12.5
• 6a2ca52 Consistently handle RequestRejectedException if it is wrapped
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2928.